In this series i will keep sharing some of the hackshield sdk info a reverser should know before laying his hand over hackshield. It will be a long series.
Text and/or other creative content from HackShield was copied or moved into AhnLab Inc with this edit.The former page's history now serves to provide attribution for that content in the latter page, and it must not be deleted so long as the latter page exists. AhnLab V3 Nominated as Top Product by AV-TEST on October 2020 Evaluation AhnLab Warns of Phishing Website Disguised as Popular Out-of-Stock Items More. #define ahnhsdisplayhackshieldtrayicon 0x4000000 #define AHNHSCHKOPTDETECTVIRTUALMACHINE 0x8000000 #define AHNHSCHKOPTUPDATEDFILECHECK 0x10000000.
DISCLAIMER : I & ANY OTHER 3RD PARTY ARE NOT AFFILIATED ANYWAY WITH AHN LAB ,INC. YOU ARE ONLY ALLOWED TO UTILIZE THE KNOWLEDGE IN A WAY THAT WONT HARM/INVALIDATES ANY COMPANY POLICY AND IN EVENT OF ANY LOSS YOU AND ONLY YOU WILL BE THE ONE TO BE BLAMED.
Why this disclaimer, Ahn Lab doesn’t allow anyone except their clients to peek into their protection features and other details. But we are doing it only for learning process right?
Features of HackShield Pro:
Memory-access block
“Blocks memory access through Windows API (OpenProcess, Read/WriteProcessMemory and etc.). It protects memory in kernel level to block hack attacks that manipulate executable codes or return values.” This thing a bitch, patches critical kernel apis to stop peeking inside the game client
Speed Hack block:
Speed Hack is a program that controls time to arbitrarily speed game up or slow game down by using the Windows time functions or timer processing microprocessor. To block Speed Hack, HackShield frequently monitors the difference between the system time and logical time of the operating system in the microprocessor level. If the difference exceeds a certain value, this could be considered as a speed hack.Note that the detection speed could differ according to the user system, operating system or game type.
Enhanced auto-mouse detection *
Detects auto-mouse to prevent server overload and arbitrary control of the game. A new feature of detecting auto-mouse that runs as a hardware such as USB, has been added to HackShield 2.0 as well as automouse that runs as a program.
File manipulation detection
Checks the integrity of HackShield files when HackShield is initialized and/or when a game is running to make sure the files are the ones initially distributed. It also detects if the files have been modified or if the file names have been changed.In simpler words client crc checks
Debugging detection
Detects all debugging tracing to prevent games from being debugged. If any debugger, such as SoftICE, is detected when initializing HackShield, then HackShield returns an error to block it.
Signature-based detection
Provides signatures-based detection. If a hacking tool is detected using a predefined signature, an error message with the path of the program is displayed.
Server-side detection *
Interoperates with the server to monitor manipulation of executable files and memory in real time and check HackShield operation status. In HackShield Pro, it was inconvenient to manage the file/memory CRC of the client in the server. So, a new Artificial Intelligence (AI) feature that automatically manages the file/memory CRC in the server has been added to HackShield 2.0.
Data file/message encryption
Encrypts important data files and messages sent and received between the server and the client, to secure data even when they are exposed.
Memory heuristic detection *
Memory heuristic detection has been added: it identifies the characteristics of hacking tools in the memory to counter new hack attacks in which no signature exists yet. When a hacking tool is detected by the memory heuristic detection engine, an error message “Unknown: error code” will be displayed.
HackShield update *
When HackShield update is available, it is updated through the HackShield Update server.
HackShield hacking monitoring system *
Monitors hack attacks and errors occurred in the game client in real time. You can access the HackShield hacking monitoring system through the web, and generate various reports.
* features are either enhanced from previous generation or newly added
Client File Types
There are other files which come with the sdk but those are for server only and doesnt required
next i will keep describing hackshield driver exceptions which can occur during startup
HackShield Driver Error
[ErrorCode: 0x00000102] Failed to initialize HackShield driver
Symptoms
1. An error message (Error Code: 0x00000102) occurs, and the game does not run.
Cause
An error occurred when the HackShield driver is initialized.
There could be a program that might prevent the driver from being initialized
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer
and then run the game again.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00000108] Failed to initialize HackShield module
Symptoms
1. An error message (Error Code:0x00000108) occurs, and the game does not run.
Cause
An error occurred as HackShield is not compatible with Symantec’s EndPoint Protection.
This error does not occur in EndPoint Protection version released from 2010.
Solution
Visit Symantec website, and download the latest EndPoint Protection and reinstall it
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00000203 – 4] Failed to start HackShield driver
Symptoms
1. An error message (Error Code: 0x00000203 or 0x00000204) occurs, and the game does not run.
Cause
An error occurred when the HackShield driver is loaded.
There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer
and then run the game again
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00010301] Hooking Detection
Symptoms
1. An error message (Error Code: 0x00010301) occurs, and the game is terminated.
Cause
Hooking has been detected in a system file or HackShield file.
There could be a conflict with a program installed on your PC.
(HackShield 5.3.7.1 version may detect steam programs.)
Solution
A. Terminate the Steam program. Or, remove the program.
If hacking attacks keep on being detected after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00010302] Failed to load HackShield driver
Symptoms
1. An error message (Error Code: 0x00010302) occurs, and the game is terminated.
Cause
The HackShield driver has not been properly loaded.
There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer
and then run the game again.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00000203 – 4] Failed to start HackShield driver
Symptoms
1. An error message (Error Code: 0x00000203 or 0x00000204) occurs, and the game does not run.
Cause
An error occurred when the HackShield driver is loaded.
There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer and then run the game again.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00010301] Hooking Detection
Symptoms
1. An error message (Error Code: 0x00010301) occurs, and the game is terminated.
Cause
Hooking has been detected in a system file or HackShield file.
There could be a conflict with a program installed on your PC.
(HackShield 5.3.7.1 version may detect steam programs.)
Solution
A. Terminate the Steam program. Or, remove the program.
If hacking attacks keep on being detected after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00010302] Failed to load HackShield driver
Symptoms
1. An error message (Error Code: 0x00010302) occurs, and the game is terminated.
Cause
The HackShield driver has not been properly loaded.
There could be a program that might prevent the HackShield driver from being loaded.
Solution
1. It could be a temporary error, restart the game.
2. There could be a program that might prevent the driver from being initialized. Restart the computer and then run the game again.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
[ErrorCode: 0x00000004] Application compatibility error when initializing HackShield
Symptoms
1. An error message (Error Code: 0x00000004) occurs, and the game is terminated.
Cause
The game client has been executed in Windows Compatibility Mode.
Solution
2. Right-click on the game icon, and select Properties.
3. Select the Compatibiltiy tab as the picture below.
4. Check whether compatibility mode is enabled. Disable it.
If the error persists after following the above procedure, perform the step below:
Get information on the system in which the error occurred and send the log file to AhnLab. For details, refer to [4. Error Information Collection Method > Collecting and analyzing error information using AhnReport > Collecting HackShield log].
This is the possible external HS errors which can occur and will be visible to the end user, on next part we will focus on internal exceptions that can occur during gameplay
Last updatedNative name | ㈜안랩 |
---|---|
Private | |
Tradedas | KRX: 053800 |
ISIN | |
Industry | Computer software |
Founded | Seoul, South Korea (15March1995) |
Founder | Ahn Cheol-Soo |
Headquarters | Seongnam-Si, Gyeonggi-Do , |
Number of locations | 4 |
Worldwide | |
Key people |
|
Products | Antivirus software, Network security products, Mobile security products |
Services | Computer security, Network security |
Revenue | ₩126,757,000,000 (2012)[1] |
Owner | HongSun Kim |
850 (2013) | |
Website | Korean(HQ) ahnlab.com |
Footnotes/references [2][3][4][5][6][7][8] |
AhnLab, Inc., founded in 1995, is a security software provider in South Korea. AhnLab sells computer software such as antivirus software, online security, network security appliances such as Advanced Threat (Malware) Detection & Remediation, including APT type of cyber attack, firewalls, IPS, UTM, and security software for online games and the mobile web.
Ahn Cheol-Soo (founder) found his computer infected with the computer virus called (c)brain. He developed a program to find and remove it and named it 'Vaccine'. Since then, anti-virus software has been called 'Vaccine software' in Korea. He distributed the antivirus program to the public without charge, until he established AhnLab in 1995. Dr. Ahn promoted his new company in 1995.[9][10]
Since its founding in 1995, AhnLab has become one of the largest security software companies over 50% of market share in the Korean security market alone and approximately 500 distributors worldwide.[11][12] In September 2001, AhnLab was listed in the KRX: 053800. Headquartered in Seongnam-Si, Gyeonggi-Do, South Korea, AhnLab is traded on the KOSDAQ under the symbol AhnLab.
On the tenth anniversary of the company's founding (2005), Ahn Cheol-Soo resigned his position as the CEO, Kim Cheol-Soo was appointed as the successor.[7] Current CEO is HongSun Kim (appointed in 2008).[13][14]
AhnLab has been selected as one of the Korea's most admired company for five years from 2004 to 2010.[15][16][17]
On 4 October 2011, Ahnlab' Headquarters has moved to Seongnam-Si, Gyeonggi-Do.[18] On 29 March 2012, Ahnlab' Korean company name has been changed from (주)안철수연구소 to (주)안랩 by the annual meeting of shareholders.
AhnLab has many security software products for PC, Network and Mobile, including:
HackShield is a hacking and cheating prevention software suite and service[19] for MMOs and has been used in games by Nexon and NCSoft.[20] It has been available to Korean game developers since 2001[20] and American game developers since 2005.[21]
McAfee, LLC is an American global computer security software company headquartered in Santa Clara, California and claims to be the world's largest dedicated technology security company.
Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
ESET is a Slovak internet security company that offers anti-virus and firewall products. ESET is headquartered in Bratislava, Slovakia, and was awarded the recognition of the most successful Slovak company in 2008, 2009 and in 2010.
ESET NOD32 Antivirus, commonly known as NOD32, is an antivirus software package made by the Slovak company ESET. ESET NOD32 Antivirus is sold in two editions, Home Edition and Business Edition. The Business Edition packages add ESET Remote Administrator allowing for server deployment and management, mirroring of threat signature database updates and the ability to install on Microsoft Windows Server operating systems.
Avast Software s.r.o. is a Czech multinational cybersecurity software company headquartered in Prague, Czech Republic that researches and develops computer security software, machine learning and artificial intelligence. Avast has more than 435 million monthly active users and the second largest market share among anti-malware application vendors worldwide as of April 2020. The company has approximately 1,700 employees across its 25 offices worldwide.
This is a list of Korea-related topics starting with A.
ICSA Labs began as NCSA. Its mission was to increase awareness of the need for computer security and to provide education about various security products and technologies.
Sourcefire, Inc was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired by Cisco for $2.7 billion in July 2013.
Kaspersky Lab is a multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky, and Alexey De-Monderik; Eugene Kaspersky is currently the CEO. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.
Agnitum Ltd was founded in 1999 in St. Petersburg, Russia as software company. In 2000 Agnitum hired 2 developers and increased the number of staff people to 20 until 2002. Agnitum was originally focused on anti-trojan and PC connections monitoring products targeted on Windows PCs users. The company is now known mostly as a personal firewall and Internet security products provider. Outpost Firewall Pro, the flagship product of the company, was released in 2002 together with its freeware product. Agnitum's products were mostly consumer-oriented, taking into account licensing Agnitum's products technologies to several national security software publishers.
Ahn Cheol-soo is a South Korean politician, medical doctor, businessperson and software entrepreneur. A two-time former presidential election candidate in 2012 and 2017, Ahn was the Bareunmirae Party's candidate for the Seoul mayorship in 2018.
K7 Total Security, developed by K7 Computing Pvt. Ltd., is an Indian malware prevention and antivirus software, and provides malware prevention and removal during a subscription period and uses signatures and heuristics to identify viruses. Other features include a software firewall, e-mail spam filtering and phishing protection.
Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats.
Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for their antivirus software Avira Free Security.
Presidential elections were held in South Korea on 19 December 2012. They were the sixth presidential elections since democratization and the establishment of the Sixth Republic, and were held under a first-past-the-post system, in which there was a single round of voting and the candidate receiving the highest number of votes was elected. Under the South Korean constitution, a president is restricted to a single five-year term in office. The term of the then incumbent president Lee Myung-bak ended on 24 February 2013. According to the Korea Times, 30.7 million people voted with turnout at 75.8%. Park Geun-hye of the Saenuri party was elected the first female South Korean president with 51.6% of the vote opposed to 48.0% for her opponent Moon Jae-in. Park's share of the vote was the highest won by any candidate since the beginning of free and fair direct elections in 1987.
This article is a list of opinion polls that have been taken for the 2012 South Korean presidential election. It is divided into polls for the presidential election itself, and polls for the primaries of the two main parties, Saenuri and the Democratic United Party. Two-way polls are used to demonstrate the popularity of one candidate with respect to another, but the election itself will have no run-off round and will be held under a system of First Past the Post. The polls are ordered by date, with the newest at the top.
Presidential elections were held in South Korea on 9 May 2017 following the impeachment and dismissal of Park Geun-hye. The elections were conducted in a single round, on a first-past-the-post basis, and had originally been scheduled for 20 December 2017. However, they were brought forward after the decision of the Constitutional Court on 10 March 2017 to uphold the National Assembly's impeachment of Park. Following procedures set out in the Constitution of South Korea, Prime Minister Hwang Kyo-ahn succeeded Park as the acting president. After Park was removed from office by the Constitutional Court's ruling, acting president Hwang announced he would not run for a term in his own right.
Pangyo Techno Valley (PTV) is an industrial complex in the city of Pangyo, Seongnam, Gyeonggi Province, South Korea. It is also known as the Silicon Valley of Korea. The complex focuses on information technology, biotech, cultural technology and fusion technology. One of the benefits of the diversity of fields and businesses is the maximized growth potential in the field of high-tech technology through exchanges between the companies. The location within a major metropolitan area creates synergy effects because of the proximity to other techno valleys or adjacent knowledge-based infrastructure clusters in the province. The business environment of the PTV is supported by the government of the Gyeonggi Province through the implementation of various support facilities as for examples a R&D center or public support center.
Kasperski is a family name of East European origin. Formed by adding a Slavic adjective-forming suffix -ski to the Western men's personal name Kasper/Casper.
A presidential election is scheduled to be held in South Korea in 2022. It will be the eighth presidential election since democratization and the establishment of the Sixth Republic. Under the South Korean constitution, the president is restricted to a single five-year term in office, meaning the incumbent president Moon Jae-in is ineligible to run for a second term.